Detections
Analytics
Debian dla-4630 : libcrypto1.1-udeb - security update
high Nessus Plugin ID 321085
Synopsis
The remote Debian host is missing one or more security-related updates.Description
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4630 advisory.- ------------------------------------------------------------------------- Debian LTS Advisory DLA-4630-1 [email protected] https://www.debian.org/lts/security/ Arnaud Rebillout June 15, 2026 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : openssl Version : 1.1.1w-0+deb11u8 CVE ID : CVE-2026-7383 CVE-2026-9076 CVE-2026-34180 CVE-2026-42766 CVE-2026-45447
Several vulnerabilities have been discovered in OpenSSL, a Secure Socket Layer toolkit providing the SSL and TLS cryptographic protocols for secure communication over the Internet.
CVE-2026-7383
A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow.
CVE-2026-9076
When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kek_unwrap_key().
CVE-2026-34180
Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms.
CVE-2026-42766
A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption.
CVE-2026-45447
A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification.
For Debian 11 bullseye, these problems have been fixed in version 1.1.1w-0+deb11u8.
We recommend that you upgrade your openssl packages.
For the detailed security status of openssl please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/openssl
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Tenable has extracted the preceding description block directly from the Debian security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade the libcrypto1.1-udeb packages.See Also
https://security-tracker.debian.org/tracker/source-package/openssl
https://security-tracker.debian.org/tracker/CVE-2026-34180
https://security-tracker.debian.org/tracker/CVE-2026-42766
https://security-tracker.debian.org/tracker/CVE-2026-45447
https://security-tracker.debian.org/tracker/CVE-2026-7383
Plugin Details
Severity: High
ID: 321085
File Name: debian_DLA-4630.nasl
Version: 1.1
Type: Local
Agent: unix
Family: Debian Local Security Checks
Published: 6/15/2026
Updated: 6/15/2026
Supported Sensors: Continuous Assessment, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2026-45447
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:libssl-dev, p-cpe:/a:debian:debian_linux:libssl1.1-udeb, p-cpe:/a:debian:debian_linux:libssl-doc, p-cpe:/a:debian:debian_linux:libssl1.1, p-cpe:/a:debian:debian_linux:openssl, p-cpe:/a:debian:debian_linux:libcrypto1.1-udeb
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 6/15/2026
Vulnerability Publication Date: 6/9/2026
Reference Information
CVE: CVE-2026-34180, CVE-2026-42766, CVE-2026-45447, CVE-2026-7383, CVE-2026-9076
IAVA: 2026-A-0589